Free Republic

Apple said Thursday that its mobile, desktop and Web services weren’t affected by a major flaw in a set of security software used by hundreds of thousands of websites. The flaw, codenamed “Heartbleed” and first reported by Web security firm Codenomicon, was discovered in a technology called “OpenSSL” — a set of encryption software used by Web companies to safeguard user information. Sites that use OpenSSL will display a small “lock” icon in the top left-hand corner of your Web browser’s address bar (though not all sites showing this lock use OpenSSL); the technology is used on more than two-thirds...

Reuters reports that the NSA paid massive computer security firm RSA $10 million to promote a flawed encryption system so that the surveillance organization could wiggle its way around security. In other words, the NSA bribed the firm to leave the back door to computers all over the world open. Thanks to documents leaked by Edward Snowden, we already knew the NSA played a central role in promoting a flawed formula for generating random numbers, which if used in encryption, essentially gives the spies easy access to computing systems. A piece of RSA software, bSafe, became the most significant vector...

We've long suspected that the NSA, the world's premiere spy agency, was pretty good at breaking into computers. But now, thanks to an article by security expert Bruce Schneier—who is working with the Guardian to go through the Snowden documents—we have a much more detailed view of how the NSA uses exploits in order to infect the computers of targeted users. The template for attacking people with malware used by the NSA is in widespread use by criminals and fraudsters, as well as foreign intelligence agencies, so it's important to understand and defend against this threat to avoid being a...

Now that we have enough details about how the NSA eavesdrops on the internet, including today's disclosures of the NSA's deliberate weakening of cryptographic systems, we can finally start to figure out how to protect ourselves.... At this point, I feel I can provide some advice for keeping secure against such an adversary.... 1) Hide in the network. Implement hidden services. Use Tor to anonymize yourself. Yes, the NSA targets Tor users, but it's work for them.... 2) Encrypt your communications. Use TLS. Use IPsec. Again, while it's true that the NSA targets encrypted connections--and it may have explicit exploits...

Need to download a FREE program...need recommendations..

In the age of the Internet, it’s getting harder and harder to keep secrets. When you type in your password, there’s no telling who might be watching it go by. However, new research at Cornell may offer a pathway to more secure communications. The answer is to not send sensitive information at all. Rafael Pass, associate professor of computer science, has developed a new protocol, or set of rules, to create what computer scientists call a “zero knowledge proof.” “I think zero knowledge proofs are one of the most amazing notions in computer science,” Pass said. “What we have done...

Leaked documents from the German Federal Office for Information Security (BSI) indicate that the organization has become suspicious of Trusted Platform Module (TPM) technology built into an increasing number of Windows 8 PCs and tablets. Documents uncovered and leaked by German news outlet Zeit Online found that the German Ministry of Economic Affairs was displaying significant unease with the combined technologies, suggesting the possibility that a backdoor could be created for further covert NSA surveillance operations. The backdoor in question would allow Microsoft to control the computer remotely. “Trusted Computing,” a method developed and promoted by the Trusted Computing Group,...

Abstract. We describe the use of formal methods in the development of IRONSIDES, an implementation of DNS with superior performance to both BIND and Windows, the two most common DNS servers on the Internet. More importantly, unlike BIND and Windows, IRONSIDES is impervious to all single-packet denial of service attacks and all forms of remote code execution. Introduction DNS is a protocol essential to the proper functioning of the Internet. The two most common implementations of DNS are the free software version BIND and the implementations that come bundled with various versions of Windows. Unfortunately, despite their ubiquity and...

While helping our colleague Dave Bean as he worked to get his essay on Google and the NSA ready for publication, I found myself wondering if any of this latest news on the government’s forcing their nose into everybody-in-the-world’s business would have any lasting effect. Sadly, I figured not–if there was any change, it’d only be temporary. I’ve spent too many years on this planet to expect too much in the way of permanent change for the better. DuckDuckGo’s main page. Click to enlarge.Sadly, I’m of the generation that learned of the advent of global warming way back in the...

For computer users, a few mouse clicks could mean the difference between staying online and losing Internet connections this summer. Unknown to most of them, their problem began when international hackers ran an online advertising scam to take control of infected computers around the world. In a highly unusual response, the FBI set up a safety net months ago using government computers to prevent Internet disruptions for those infected users. But that system is to be shut down. The FBI is encouraging users to visit a website run by its security partner, http://www.dcwg.org , that will inform them whether they're...

The other day, my college age son quietly went around the house and put electricians tape over the camera lenses on the displays of all our home computers.

Patches 42 security holes Oracle has released a major security update for the version of Java programming language that runs inside Web browsers. The patch fixes 42 vulnerabilities within Java, including "the vast majority" of those that have been rated as the most critical. Oracle Executive Vice President Hasan Rizvisaid that a series of big security flaws in the Java plug-in for browsers have been uncovered in the past year by researchers and hackers, and some have been used by criminal groups. One hacking campaign infected computers using Microsoft Windows and Apple software inside hundreds of companies.Earlier this year the US Department...

<p>Hackers have discovered a new way to part computer uses with their money. They plant malware on a computer that threatens to report the computer user to the police for viewing or distributing porn.</p> <p>It's a form of hacking called "ransomware," according to a new report by security company Symantec, which estimates hackers are earning upwards of $5 million a year from computer users who fall for the scam and pay the blackmail.</p>

"CNN Breaking News -- Mitt Romney Almost President," reads the subject line of an email phishing scam aimed at political junkies. Inside the email is a collection of headlines that appear to link to CNN.com. But clicking through won't inform readers - instead, the links take users to a site that hosts the Blackhole Exploit kit code. Right now, the Blackhole Exploit kit accounts for 28 percent of all Internet threats, Sophos said. The kit can load a Java Trojan and relay which exploits exist on a victim's computer back to the BlackHole server. Hackers use trickery through malicious Web...

When World IPv6 Launch Day dawns on June 6th, IPv6 services will be enabled on thousands of sites around the world and left on. As the 32-bit IPv4 address space has been exhausted, there is a need for global carriers to move to the larger 128-bit address space that IPv6 provides. But will your organization be ready for the new security issues raised by IPv6? In an interview with eSecurity Planet, Chief Security Officer Danny McPherson of VeriSign cautioned that IPv6 is both an opportunity and a potential security risk. VeriSign is responsible for two of the 13 root DNS...

Google plans to warn more than half a million users of a computer infection that may knock their computers off the Internet this summer. Unknown to most of them, their problem began when international hackers ran an online advertising scam to take control of infected computers around the world. In a highly unusual response, the FBI set up a safety net months ago using government computers to prevent Internet disruptions for those infected users. But that system will be shut down July 9 -- killing connections for those people.

More than 600,000 Macs have been infected with a new version of the Flashback Trojan horse that's being installed on people's computers with the help of Java exploits, security researchers from Russian antivirus vendor Doctor Web said on Wednesday. Flashback is a family of Mac OS malware that appeared in September 2011. Older Flashback versions relied on social engineering tricks to infect computers, but the latest variants are distributed via Java exploits that don't require user interaction. On Tuesday, Apple released a Java update in order to address a critical vulnerability that's being exploited to infect Mac computers with the...

Chinese hackers gained control over NASA’s Jet Propulsion Laboratory (JPL) in November, which could have allowed them delete sensitive files, add user accounts to mission-critical systems, upload hacking tools, and more -- all at a central repository of U.S. space technology, according to a report released Wednesday afternoon by the Office of the Inspector General. That report revealed scant details of an ongoing investigation into the incident against the Pasadena, Calif., lab, noting only that cyberattacks against the JPL involved Chinese-based Internet Protocol (IP) addresses. Paul K. Martin, NASA’s inspector general, put his conclusions bluntly. “The attackers had full functional...

Google, Microsoft, AOL and other big companies have agreed to install a "do not track" button in Web browsers to make sure that you can surf the Web with an assured amount of privacy. It's a big step for the industry -- but until this button arrives, how can you assure yourself a little more privacy online? The "No Track" button would stop companies from using data about your Web browsing habits to customize ads for you. They have also agreed not to use the data for employment, credit, health-care or insurance purposes. For obvious reasons, that type of usage...

If there is one war that Greece could not afford to join, that is with the global computer hacking collective known as Anonymous. Yet as of minutes ago, that is precisley what happened, after Anonymous, as part of what it now calls Operation Greece, took down the Greek Ministry of Justice (http://www.ministryofjustice.gr/). While the pretext for the hacking appears to have been an arrest of the wrong people, is seems to have angered Anonymous to the point where they have left an extended message of demands on the Greek website, warning that unless the IMF withdraws from the country and...